CVE-2024-10835

CRITICAL

Dbgpt Db-gpt < 0.7.1 - SQL Injection

Title source: rule

Description

In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the victim's file system. This can potentially lead to Remote Code Execution (RCE).

Exploits (1)

nomisec WORKING POC

by 6jeffr3y · poc

https://github.com/6jeffr3y/CNVD-2026-12436-and-CVE-2024-10835

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://huntr.com/bounties/e32fda74-ca83-431c-8de8-08274ba686c9

Scores

CVSS v3 9.8

EPSS 0.0109

EPSS Percentile 78.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (2)

dbgpt/db-gpt 0.6.0

pypi/dbgpt 0 - 0.7.1PyPI

Published Mar 20, 2025

Tracked Since Feb 18, 2026